vscode-twilio icon indicating copy to clipboard operation
vscode-twilio copied to clipboard

Published 20 hours ago verified publisher icon twilio-labs

[Snyk] Security upgrade mocha from 6.1.4 to 9.1.2

Open twilio-product-security opened this issue 4 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: mocha The new version differs by 250 commits.
  • 18a1055 build(v9.1.2): release
  • 011a5a4 fix: regex in 'update-authors.js'
  • 06f3f63 build(v9.1.2): update CHANGELOG [ci skip]
  • a87461c chore(deps): remove 'wide-align' (#4754)
  • c7f56d1 docs: how to use 'rootHooks' in the browser (#4755) [ci skip]
  • 8421974 fix(browser): stop using all global vars in 'browser-entry' (#4746)
  • 27bfc74 docs: add complete '--delay' example (#4744) [ci skip]
  • 4860738 chore(devDeps): update 'eslint' and its plugins (#4737)
  • abfddf8 docs: fix broken table width under 450 screen width (#4734)
  • 97b8470 chore(esm): remove code for Node versions <10 (#4736)
  • 654b5df build(v9.1.1): release
  • a26cca9 build(v9.1.1): update CHANGELOG [ci skip]
  • e975675 chore: update some devDependencies (#4733)
  • 9e0369b fix(parallel): 'XUNIT' and 'JSON' reporter crash (#4623)
  • 014e47a build(v9.1.0): release
  • 3a14b28 build(v9.1.0): update CHANGELOG [ci skip]
  • 171e211 feat(reporter): add output option to 'JSON' (#4607)
  • bbf0c11 feat: add new option 'fail-zero' (#4716)
  • 757b85d docs: improve 'grep()' and clarify docs (#4714)
  • f19d3ca docs: remove unsupported 'no-timeout' option (#4719) [ci skip]
  • 9f82ccb chore(gha): update 'stale.yml' (#4718) [ci skip]
  • 09ffc30 Set CSP on karma to prevent 'evalError' regression (#4706)
  • 02bf13d Update devDep '@ babel/preset-env' and pin 'regenerator-runtime' (#4707)
  • 54a5788 Add new option "node-option" (#4691)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

twilio-product-security avatar Oct 15 '21 21:10 twilio-product-security